[SECURITY] [DLA 2062-1] sa-exim security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2062-1] sa-exim security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 9 Jan 2020 18:00:46 +0100
Message-id: <[🔎] a52ee5c0-652b-9551-92db-846c147296e5@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : sa-exim
Version        : 4.2.1-14+deb8u1
CVE ID         : CVE-2019-19920
Debian Bug     : 946829

It was found that sa-exim, the SpamAssassin filter for Exim, allows
attackers to execute arbitrary code if users are allowed to run custom
rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which
caused a functional regression in sa-exim. This update restores the
compatibility between spamassassin and sa-exim. The security
implications of sa-exim's greylisting function are also documented in
/usr/share/doc/sa-exim/README.greylisting.gz.

For Debian 8 "Jessie", this problem has been fixed in version
4.2.1-14+deb8u1.

We recommend that you upgrade your sa-exim packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4XXD1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeReAw/+P0z8irAJLGhC8y/Gy2KcljkAerbSSn6PFqc1bMMsBDjOMiOXVM/nI1/g
fITTDCnwGto0EbG6HDBdQvqUCyNSWOL91BTPK5Z+wV08EN1kBhrZqddur0nhdT3R
GisJ+ogjRYO7uQooYc+sIIZLoimBDJImAgNo5x9q3huSPD/P5y7Kh5jM/n6qqAOv
F/nuX4Lrkl4//d9e8BTNmiGcefYe7/taKM5H8ohQq01oa8Geq8I2qf6qFMaloUaf
4oGsaxK+MZxvLpZ4nkaCdCHWQAYklKzwvjFe54kF3j3lwdfJxfqK+PGUsBUs9WbY
LkhgH7PwZm938+9OceEy4i2K+DBM6T2pAJ+Lf9QxwXDo7jyQ7Odekprrf5rwRo5G
78+pfGvZl9CXx7fWK0AXuJhUAd9CMOrPkppgi6xK1+MujXrPNuDAst/yyXUu6lqD
VAQ6mXstjLUMxf1H/5zKfn77m1cTAtDK6yKPVoBjBS1cdG8pbjV/tSyDrddW8GsQ
TynitqqwU5uvtrSc7Zr9lo1mtfGrXrS6h8F+yJaN5xPTQCoh77HdaOMDdk1vqF5z
gZ5I0OJuD7aLcLtKxXTPooQrxIbKH5oKjKM12NYDJIhOjZ1Z70xYA9HvJ3wRVp6/
bEzS8rDKKVQgHNjPsIUNWvlUas3no0KFz+C8JbbKA0JZUMgATvQ=
=GqVf
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2061-1] firefox-esr security update
Next by Date: [SECURITY] [DLA 2064-1] ldm security update
Previous by thread: [SECURITY] [DLA 2061-1] firefox-esr security update
Next by thread: [SECURITY] [DLA 2064-1] ldm security update
Index(es):
- Date
- Thread